Le dernier correctif de Microsoft relatif à la faille CVE-2022-26925 pour forcer l'authentification à un contrôleur de domaine via le protocole NTML ne met pas un terme aux exploits de vulnérabilités PetitPotam. Les entreprises ont surtout intérêt à adopter de meilleures pratiques et paramétrer correctement leurs pare-feux.

Numerosi rapporti ci suggeriscono che gli attacchi basati su codici malevoli rappresentano la maggioranza delle offensive cui osserviamo, tra esse la fanno da padrona i ransomware e gli info-stealer, questi ultimi sono malware concepiti per rubare un gran numero di informazioni dai sistemi infetti. Premesso ciò, chiediamoci quale sia la disponibilità sul mercato criminale di questi strumenti, quali siano i costi ed il modello di vendita.

A new study by Juniper Research has found operators will generate $27 billion from the termination of SMS messages related to multi-factor authentication in 2022; an increase from $25 billion in 2021. The research predicts this 5% growth will be driven by increased pressure on digital service providers to offer secure authentication that reduces risk of data breaches and protects user identity. Multi-factor authentication combines multiple credentials to verify a user or transaction. This includes sending an SMS that contains a one‑time password or code to a user’s unique phone number.

Tracking, marketing, and analytics firms have been exfiltrating the email addresses of internet users from web forms prior to submission and without user consent, according to security researchers.

Web users enter their email addresses into online forms for a variety of reasons, including signing in or signing up for a service or subscribing to a newsletter. While enabling such functionality, email addresses typed into forms can also be collected by third-party scripts even when users change their minds and leave the site without submitting the form.

The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals.

In this analysis, Cyble looks at the Eternity Malware suite, listing a wide variety of malware for sale on Telegram.

Sometimes when we publish details and writeups about vulnerabilities we are so focused on the actual bug, that we don't notice others, which might be still hidden inside the details. The same can happen when we read these issues, but if we keep our eyes open we might find hidden gems. [Download Slides](http://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Fitzl-macOS-vulnerabilities-hiding-in-plain-sight.pdf) [Download Whitepaper](http://i.blackhat.com/Asia-22/Friday-Materials/AS-22-Fitzl-macOS-vulnerabilities-hiding-in-plain-sight-wp.pdf)

Rules for industries and governments aim to prevent all-out cyber breakdown.

The Linux Foundation and the Open Source Software Security Foundation (OpenSSF) brought together over 90 executives from 37 companies and...

Researcher shares how he unearthed newer bugs in Apple's operating system by closer scrutiny of previous research, including vulnerabilities that came out of the Pwn2Own competition.

La dernière salve de correctifs de Microsoft comble 74 vulnérabilités incluant 7 de niveau critique. Classée comme importante et d'un score CVSS de 8.1, la faille CVE-2022-26925 de type Windows LSA Spoofing est à corriger d'urgence.

The attack on Viasat showcases cyber’s emerging role in modern warfare.

The JFrog Security Research team identified and quickly disclosed new npm malicious packages aimed at compromising leading industrial organizations

Microsoft coined the term “human-operated ransomware” to clearly define a class of attack driven by expert humane intelligence at every step of the attack chain and culminate in intentional business disruption and extortion. In this blog, we explain the ransomware-as-a-service affiliate model and disambiguate between the attacker tools and the various threat actors at play during a security incident.

The Costa Rican President Rodrigo Chaves has declared a national emergency following cyber attacks from Conti ransomware group on multiple government bodies. BleepingComputer also observed Conti published most of the 672 GB dump that appears to contain data belonging to the Costa Rican government agencies. The declaration was signed into law by Chaves on Sunday, May 8th, same day as the economist and former Minister of Finance effectively became the country's 49th and current president.

Si depuis l’offensive Russe en Ukraine, le « cyber Pearl Harbor » tant redouté n'a pas fait la Une de l’actualité, les assauts contre les infrastructures numériques de l’Ukraine et incidemment dans le reste de l’Europe ont bien été constatés.

Cyble Analyzes Saintstealer, an infostealer using a C&C server with known links to other popular infostealers.

Russians using smart TVs reported seeing something atypical: A message appeared instead of the usual listing of channels. “The blood of thousands of Ukrainians and hundreds of murdered children is on your hands,” read the message that took over their screens. “TV and the authorities are lying. No to war.”

Faster, easier, and more secure sign-ins will be available to consumers across leading devices and platforms.

CVE-2022-1388 is a critical vulnerability (CVSS 9.8) in the management interface of F5 Networks’ BIG-IP solution that enables an unauthenticated attacker to gain remote code execution on the system through bypassing F5’s iControl REST authentication. The vulnerability was first discovered by F5’s internal product security team and disclosed publicly on May 4, 2022.

Researchers looking into a new APT group targeting gambling sites with a variety of cross-platform malware recently identified a version of oRAT malware targeting macOS users and written in Go. While neither RATs nor Go malware are uncommon on any platform, including the Mac, the development of such a tool by a previously unknown APT is an interesting turn, signifying the increasing need for threat actors to address the rising occurrence of Macs among their intended targets and victims. In this post, we dig deeper into the technical details of this novel RAT to understand better how it works and how security teams can detect it in their environments.

Faced with a brain drain of smart people fleeing the country following its invasion of Ukraine, the Russian Federation is floating a new strategy to address a worsening shortage of qualified information technology experts: Forcing tech-savvy people within the nation's…

Recently, PwC Threat Intelligence documented the existence of BPFDoor, a passive network implant for Linux they attribute to Red Menshen…

Diverto is an information security company. We provide consulting and managed services.

Cybereason recently an attack assessed to be the work of Chinese APT Winnti that operated undetected, siphoning intellectual property and sensitive data - the two companion reports examine the tactics and techniques of the overall campaign as well as more detailed analysis of the malware arsenal and exploits used...

Faster, easier and more secure sign-ins will be available to consumers across leading devices and platforms  Mountain View, California, MAY 5, 2022  – In a joint effort to make the web […]

Nozomi Networks Labs has disclosed an unpatched vulnerability affecting the DNS of popular C standard libraries potentially in use by millions of IoT devices: uClibc and uClibc-ng.

We introduce UNC3524, a newly discovered suspected espionage threat actor targeting corporate emails.